Description
Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information, and thus log files may contain credentials (if plain cleartext login is configured). This occurs in akka.kafka.internal.KafkaConsumerActor.
Remediation
References
https://akka.io/security/alpakka-kafka-cve-2023-29471.html
https://github.com/akka/alpakka-kafka/issues/1592
Related Vulnerabilities
CVE-2022-23615 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore
CVE-2017-1000355 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2023-37460 Vulnerability in maven package org.codehaus.plexus:plexus-archiver
CVE-2023-29523 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore
CVE-2010-1330 Vulnerability in maven package org.jruby:jruby